|
|
Dernières alertes de sécurité
Cisco IOx Application Hosting Environment Privilege Escalation Vulnerability
> date : 2023-10-04 16:00:00
> lien :
https://sec.cloudapps.cisco.com/security/center/content/Cisc...
A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user.
This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: [...]
Cisco Emergency Responder Static Credentials Vulnerability
> date : 2023-10-04 16:00:00
> lien :
https://sec.cloudapps.cisco.com/security/center/content/Cisc...
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted.
This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:https://sec.cloudapps.cisco. [...]
Cisco Network Services Orchestrator CLI Secure Shell Server Privilege Escalation Vulnerability
> date : 2023-10-04 16:00:00
> lien :
https://sec.cloudapps.cisco.com/security/center/content/Cisc...
A vulnerability in Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which Cisco NSO is running, which is root by default. To exploit this vulnerability, an attacker must have a valid account on an affected device.
The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the NSO built-in Secure Shell (SSH) server for CLI was enabled. If the NSO built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A [...]
ConfD CLI Secure Shell Server Privilege Escalation Vulnerability
> date : 2023-10-04 16:00:00
> lien :
https://sec.cloudapps.cisco.com/security/center/content/Cisc...
A vulnerability in ConfD could allow an authenticated, local attacker to execute arbitrary commands at the level of the account under which ConfD is running, which is commonly root. To exploit this vulnerability, an attacker must have a valid account on the affected device.
The vulnerability exists because the affected software incorrectly runs the SFTP user service at the privilege level of the account that was running when the ConfD built-in Secure Shell (SSH) server for CLI was enabled. If the ConfD built-in SSH server was not enabled, the device is not affected by this vulnerability. An attacker with low-level privileges could exploit this vulnerability by authenticating to an affected device and issuing a series of commands at the SFTP interface. A successful exploit could allow the a [...]
|
page précédente |
page 2 |
page suivante |
|
|
Cisco IOx Application Hosting Environment Privilege Escalation Vulnerability
Sécurité
Classement
